Log file content fields

Contains log file lines.

log.file.path

type: keyword

required: False

The file from which the line was read. This field contains the absolute path to the file. For example: /var/log/system.log.

log.source.address

type: keyword

required: False

Source address from which the log event was read or sent.

log.offset

type: long

required: False

The file offset the reported line starts at.

stream

type: keyword

required: False

Log stream when reading container logs. Can be stdout or stderr.

input.type

required: True

The input type from which the event was generated. This field is set to the value specified for the type option in the input section of the Filebeat config file.

syslog.facility

type: long

required: False

The facility extracted from the priority.

syslog.priority

type: long

required: False

The priority of the syslog event.

syslog.severity_label

type: keyword

required: False

The human-readable severity.

syslog.facility_label

type: keyword

required: False

The human-readable facility.

process.program

type: keyword

required: False

The name of the program.

log.flags

This field contains the flags of the event.

http.response.content_length

type: alias

alias to: http.response.body.bytes

user_agent.os.full_name

type: keyword

fileset.name

type: keyword

The Filebeat fileset that generated this event.

fileset.module

type: alias

alias to: event.module

read_timestamp

type: alias

alias to: event.created